Overview of how SCOM works

In order to understand what I am trying to achieve with this new series, some basic understanding of SCOM is required. I’ll do my best to give a KISS explanation. After that I’ll talk about the Quick & Dirty MP approach.

Targeting & Classes

First of all, TARGETING in SCOM is key. Without targeting, SCOM workloads (Discoveries, Rules, Monitors, Tasks and so on) would run everywhere, causing a lot of mayhem.

As such Classes are made, and their related Objects are ‘picked up’ by Discoveries. Those Objects are nothing but instances of their related Class, inheriting the same attributes as their related Class. The Class and its attributes are defined in the so-called Service Model.

Service Model

This Service Model also contains the relationship between the different Classes. For example, without a Windows Computer you can’t have a Windows Logical Disk. And per Windows Computer you can have multiple Windows Logical Disks. When the Windows Computer object is removed, so are the related Windows Logical Disks. So this relationship is also described in the Service Model.

Health Model

Over that Service Model, another layer is added, the so-called Health Model, containing all the Rules, Monitors and Tasks (if any), directly related to the specific Class.

Health- & Service Model = True power!

When combined, SCOM not only has awareness of (for example) a Windows Server 2012 Logical Disk (thanks to the Service Model), but also has a deep understanding about how to decide whether the related Objects are healthy or not (thanks to the Health Model).

Because of it, SCOM workloads are executed only where required. For instance, SCOM won’t try to monitor non-present SQL databases or non-existent Exchange based workloads, simply because the related Objects aren’t present and as such, the related SCOM (monitoring) workloads won’t be executed.

No Class = No proper monitoring

The reason I tell you all this is that WITHOUT a proper Class, monitoring will NEVER be good, a workaround at its best. So Classes are a hard requirement in SCOM in order to get some proper monitoring done.

But in the SCOM Console there is no way to create Classes and their related Discoveries. Sure, you can create an Attribute but that’s an absolute no go area since you create a copy of an existing attribute (labeled extended attribute) which is a total pollution of your SCOM environment. So stay away from it. NEVER EVER USE IT! Time for a better approach…

Classes & Discoveries

Defining a Class is one thing. However, a Discovery is required as well in order to have SCOM pick up the Objects related to the same Class. And there are quite a few ways to discover new Objects. Think about WMI and scripts for instance.

However, a script based Discovery can be quite a challenge to get right and also to KEEP right. Meaning, along the way the Objects might be running updated software, causing the discovery scripts to stop working, thus requiring an update as well.

Besides that challenge it’s known that WMI and script based discoveries also can have quite a footprint on the available resources on that box.

Gladly there is another type of Discovery which is lightweight: the Registry based Discovery. Nonetheless, when the Objects are running updated software, this Discovery might require an update as well since the registry keys – on which the Discovery depends – are modified as well.

Wouldn’t it be TOTALLY awesome to have a Discovery which is ‘Set & Forget’? Which ALWAYS runs and works on ANY Windows based box? Now you’re about to enter the ‘dirty’ part of this series of postings…

Reverse Discovery

No matter what type of Windows box there is (or was for that matter), ALL of them share common registry keys like this one: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion.

Why not define a Class with a registry based Discovery looking only for the presence of that key? And when found, an Object of that Class is added.

Sure, since EVERY Windows based system has that registry key, ALL Windows systems running a SCOM Agent, would become an instance of that Class. And that’s not what we want.

Hence the REVERSE Discovery. The Class is defined, the Discovery is made but disabled by Default. The same MP also contains a Group which is empty by default.

How it works

When the MP is imported into SCOM, one or more new Classes will be added to SCOM. Since the Discovery is disabled by default, no instances related to those Classes will be discovered, so no monitoring – as defined in the same MP – will take place.

However, when the earlier mentioned Group is modified so that the Windows servers are added which must be monitored by that MP, and that same Group is used as an Override on the Discovery, enabling it only for that Group, those very same servers will be discovered as instances to the Classes as defined in the MP.

Soon after the instances are discovered, they’ll enter a monitored state, based on the Monitors and Rules defined in the same MP.

Refining it

Sure, you can define registry based Discoveries on registry keys related only to the specific application you’re writing the custom MP for. In such a scenario you don’t disable the Discovery nor do you need the previously mentioned Group.

However, it will take the speed away compared to the other approach using the registry key which is present on any Windows based box. Why? Keep on reading because now you’re about to enter the quick part of it all…

Template MP XML

Suppose we stick to our approach using the common registry key for the Discovery.

All we have to do now is to create a default custom MP in MP Author, defining one Class, the well known Discovery (disabled by default), the Group (later to be used for enabling the Discovery by an Override), and a folder for presentation in the SCOM Console (under Monitoring) with a State and an Alert View.

Save that XML code and you’re in business! Of course, the MP is lacking Monitors and Rules, but they will be added as required per custom application/service to be monitored. So there is no point in adding them already in the template.

Let me explain it a bit more. In the next postings of this series I’ll cover the details, for now I cover the overview of it.

Custom Application = Template MP XML

Since we’re going to build template MP XML, we require a template name as well. Custom Application is a good name here. MP Author is a great tool to build a MP for IT Pro’s. So this is the tool we’re going to use.

Every time a name is required we type Custom Application (mind the space!) or Custom.Application (mind the dot (.)!) or, in case of the Discovery, CustomApplication (mind the lacking space!).

We create the Class, the related Discovery (disable it when created), Folder, State and Alert View. Also a Group is created.

Then we save the XML code and scrub it – using Notepad++ - since MP Author adds these annoying tags stating MP Author was used to create this MP…

We save the scrubbed code and store it for later usage.

Please mind that the name of the Template XML code is Custom.Application.xml. This name must be modified later on as well.

Custom application monitoring required

Suppose we have the template MP XML code stored for later usage. Now is the time to use it since we are required to monitor two servers connecting to Office 365. This is the way to go about it.

1. We inventory the services and Event IDs defining the health and availability of a working Office 365 Connection Server;

2. We make a copy of the Template MP XML and rename it to Office365.Connection.Server.xml;

3. We open this XML code in Notepad++ and do a couple of search & replace actions:

4. Search for Custom.Application and replace it with Office365.Connection.Server;

5. Search for Custom Application and replace it with Office 365 Connection Server;

6. Search for CustomApplication and replace it with Office365ConnectionServer;

7. Save the changes and close Notepad++;

8. Start MP Author and open the XML code previously saved in Step 7;

9. Add the required Monitors and Rules and save the MP;

10. Import the MP in SCOM, modify the Group and use it as an Override target for enabling the Discovery. Soon the correct Office 365 Connection Servers will be discovered and monitored by SCOM, with their own Folder and Views in the SCOM Console.
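The search & replace steps above, as an added Python example that is not part of the original post or the author's template: it clones a constructed, heavily trimmed stand-in for the template MP XML and checks, before import, that no template name was left behind and that the Discovery on the common registry key is still disabled. The element layout, IDs and function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Registry key from the post, relative to HKLM as a registry discovery would carry it.
COMMON_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
# The three spellings of the template name that steps 4-6 replace.
NAMES = ("Custom.Application", "Custom Application", "CustomApplication")

# Constructed, heavily trimmed stand-in for the template MP (assumed layout and IDs).
TEMPLATE = r"""<ManagementPack>
  <Manifest>
    <Identity><ID>Custom.Application</ID><Version>1.0.0.0</Version></Identity>
    <Name>Custom Application</Name>
  </Manifest>
  <Monitoring><Discoveries>
    <Discovery ID="Custom.Application.CustomApplicationDiscovery" Enabled="false">
      <DataSource ID="DS"><RegistryAttributeDefinitions><RegistryAttributeDefinition>
        <Path>SOFTWARE\Microsoft\Windows\CurrentVersion</Path>
      </RegistryAttributeDefinition></RegistryAttributeDefinitions></DataSource>
    </Discovery>
  </Discoveries></Monitoring>
</ManagementPack>"""


def clone_template(template, dotted, spaced, compact):
    """Steps 4-6: swap each spelling of the template name for the new one."""
    out = template
    for old, new in zip(NAMES, (dotted, spaced, compact)):
        out = out.replace(old, new)
    return out


def preimport_problems(mp_xml):
    """Return reasons the cloned MP should not be imported yet (empty = OK)."""
    problems = [f"template name left behind: {n!r}" for n in NAMES if n in mp_xml]
    root = ET.fromstring(mp_xml)  # raises ParseError if an edit broke the XML
    for disc in root.iter("Discovery"):
        keys = [p.text.strip() for p in disc.iter("Path") if p.text]
        # An enabled Discovery on this key would turn every agent into an instance.
        if COMMON_KEY in keys and disc.get("Enabled") != "false":
            problems.append(f"{disc.get('ID')}: Discovery on common key is enabled")
    return problems


if __name__ == "__main__":
    mp = clone_template(TEMPLATE, "Office365.Connection.Server",
                        "Office 365 Connection Server", "Office365ConnectionServer")
    print(preimport_problems(mp) or "ready for MP Author")
```
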

In the future postings I’ll cover the details of it all. Please know that it won’t become a detailed guide about using MP Author. Instead I’ll highlight the most important parts of it, supporting the why of this series.

See you all next time!

Credits: The usage of the reverse Discovery isn’t invented by myself. A former colleague of mine taught me this trick, so all credits for this approach should go to him. Thank you Peter Smit!

How the challenge came to be

Based on the MPs delivered by Microsoft, SCOM is capable of monitoring many different workloads ‘out of the box’. However, in the real world organizations run many non-Microsoft based workloads running on Windows Servers, which require monitoring as well. Also by SCOM. And many times there aren’t third party MPs available for monitoring those workloads.

And now a challenge takes shape. Because HOW is one going to do that WITHOUT:

Big investments in time, resources and budget;

Turning to the ‘crappy’ SCOM Console which isn’t made at all for custom MP authoring;

VSAE: The license & the steep learning curve

However, VS doesn’t come free. And yes, AE works well with the community edition of VS. BUT this version isn’t allowed in a commercial setting. So using VSAE community edition is most of the time an absolute no go for organizations, or at least open for discussion. And many organizations simply don’t want to go there. So when your organization doesn’t have VS already in use (and properly licensed), VSAE is most of the time a no go area…

Besides that, VSAE has a steep learning curve. I know from my own experiences it’s not only a challenge to master, but even more a challenge to stay on a certain level. For myself when not having authored a MP with VSAE for some time, it takes a while to get the hang of it again. So MP authoring with VSAE is quite a challenge.

MP Fragments?

So one could solve this issue with Management Pack Fragments. This allows for very quick MP authoring with VSAE without having to go through all the challenges of reinventing the wheel yourself. Instead you use ‘ready-to-bake’ MP Fragments, containing much of the required code for your MP.

But how about the VS license?

Sure, you still require VS and a proper license. As stated before, the community edition won’t do in a corporate environment. But still, when requiring good custom made MPs, covering your company’s custom services/applications, it’s the best way to go.

Update

As it turned out while writing this posting, Silect has released an updated version of MP Author Professional which is now also capable of using VS fragments. So the very same MP Fragments made by Kevin can be used by MP Author Professional. So this could be an alternative for VS with a more agreeable price tag. When you’re a developer, I would go for VS, but that’s me.

RoI and a FREE & FAST alternative

Return on Investment is something to be taken seriously. Is the above mentioned approach still viable when you want to monitor just a few services, logs and events on a subset of servers? Does one really have to go through the ‘pain’ of buying software? Or is there another approach in cases like these, totally FREE and FAST? YES THERE IS!!!

However, the scope of this approach/workaround is limited. The moment you’re required to monitor a multi layered application/service hierarchy running on multiple servers, I strongly advise you NOT to use the approach I am going to share in a new series of postings. Instead, use VSAE or MP Author Professional with the MP Fragments and be happy.

However, when you only want to monitor some services, logs, events on a subset of servers for a rather single dimensioned application/service, the approach I am going to share will work for you and not just that, but it will be pretty fast, especially when you use the template XML code I am going to share with you.

Fun thing is that in many cases this approach works pretty well for many monitoring requirements and saves you and your company a lot of time, resources AND money! Besides that, it’s easy to master and to apply this knowledge in the future.

At this moment Microsoft has acknowledged this bug (AKA ‘hidden feature’) which will be addressed for certain with the release of Update Rollup #3 and perhaps even before that, with the release of a hotfix. However, the release of this hotfix is still under investigation and as such uncertain.

Want to know more? Read this article on the System Center Operations Manager Team Blog.

Monday, March 20, 2017

It’s the one stop shop for all Azure related services. It describes in telegram style what the related Azure service delivers and – depending on the service – shows one or more links for these categories:

Overview

Pricing

Documentation

Limits

SLA

Service Updates

Articles

Code Samples

Example, when selecting SQL Database, one is shown this ‘drop down’ menu:

So now one only has to bookmark this website and you have all the information you need for Azure.

Installing the SCOM 2016 Agent with the NOAPM = 1 switch works around this issue.

APM stands for Application Performance Monitoring, enabling organizations to deeply monitor .NET based applications, from server to client and back. Later on Microsoft also enabled APM to monitor J2EE based applications.

The APM component is part of the SCOM Agent and is installed by default when a SCOM Agent is installed. By default the APM service is switched off. But now with the SCOM 2016 Agent, the APM component is buggy and causes legacy IIS Application Pools to crash EVEN WHEN THE APM COMPONENT IS SWITCHED OFF (by default)…

In Kevin’s same posting he also tells you how to remove APM from SCOM 2016 Agents. So his posting is a MUST read.

At this moment Microsoft is aware of this bug and working hard on a fix. For now there is no known time frame when the fix will be ready and released.

Thing is that SCOM uses SHA-1 itself for monitoring UX based workloads!

SHA-2 to the rescue?

Gladly, UR#12 for SCOM 2012 R2 and UR#2 for SCOM 2016 fix this issue by replacing SHA-1 with SHA256, a member of the SHA-2 family.

What to do?

Simple! Whenever running SCOM 2012 R2 and/or SCOM 2016 AND monitoring UX based workloads, roll out the respective UR and follow this article on the SCOM Team Blog about how to replace the SHA-1 certificates with the SHA256 certificates.

Do I need to?

Well, it depends. When you like flipping burgers as a next career move, then don’t. When you like your current career, then do it ASAP…

Why this blog?

On an almost daily basis I work with Azure, OMS & System Center related technologies. At the moment my main focus areas are Azure, OMS, SCOM & SCCM.

Because I bump into many challenges I decided to start this blog, which has two main purposes: to help YOU with mastering these products by covering the undocumented features and last, but not least, as my personal - but open to any one - knowledge base.

From January 2010 on I have been rewarded with the MVP award and until now this status is prolonged every year.